ac0b863a2a77cd75916696a1a4774163

Sharing

Copy URL Twitter E-mail

General

Target

ac0b863a2a77cd75916696a1a4774163
Size

482KB
MD5

ac0b863a2a77cd75916696a1a4774163
SHA1

c0144db1cbbd9f0cd5eb6b50868d75c411e31a75
SHA256

59aa0aa72a0debf5c1d62e521b689a08193cfc052e9e561e529d31f79151b6c6
SHA512

534e57962948ce30dad80cdf2081bda421a5b9bea54835b6f487726e4d448ac403aff65c9319c8a9b933d8fba66e6c027282f92e852a302bf27e4ca37ac77f61
SSDEEP

12288:qi74v3RsIdL6cAPt5/ccg30+WpKwl4x9knMIJp:t7+Vdult5c30ux9pI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ac0b863a2a77cd75916696a1a4774163

Files

ac0b863a2a77cd75916696a1a4774163
.exe windows:4 windows x86 arch:x86

84abdb94ade616adcb99292f986c95e0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

k:\wrsoxle\ndnldgarvb\zkwitaw\tsswc.PDB

Imports

comdlg32

PrintDlgW
ReplaceTextA
GetOpenFileNameW
GetSaveFileNameW

gdi32

Polygon
SetWorldTransform
SetWinMetaFileBits
GetCharWidth32A
GetNearestColor

comctl32

InitCommonControlsEx

user32

RegisterClassA
SetClassLongW
SetFocus
GetMenuDefaultItem
SetPropA
RegisterClassExA

kernel32

SetEnvironmentVariableW
HeapCreate
ExitProcess
MultiByteToWideChar
GetStdHandle
GetCurrentThread
FreeLibraryAndExitThread
ReadFile
GetLastError
GetCPInfo
LoadLibraryA
GetLocaleInfoW
RtlUnwind
VirtualProtect
GetModuleHandleA
GetTickCount
LCMapStringA
FreeEnvironmentStringsW
GetExitCodeProcess
WaitForSingleObject
GetTimeZoneInformation
IsBadWritePtr
WritePrivateProfileStructA
CompareStringA
GetFileType
GetEnvironmentStrings
GetVersionExA
GetCurrentProcessId
TlsSetValue
CreateMutexA
VirtualQuery
TerminateProcess
HeapDestroy
GetEnvironmentStringsW
TlsGetValue
TlsFree
SetFilePointer
FlushFileBuffers
IsValidLocale
GetCurrentProcess
GetProcAddress
TlsAlloc
GetStringTypeA
GetUserDefaultLCID
WriteFile
HeapReAlloc
OpenMutexA
SetLastError
SetEnvironmentVariableA
GetCurrentThreadId
WideCharToMultiByte
IsValidCodePage
GetPrivateProfileSectionW
HeapFree
UnhandledExceptionFilter
LockFile
GetSystemTimeAsFileTime
InterlockedExchange
EnterCriticalSection
GetTimeFormatA
EnumSystemLocalesA
SetHandleCount
GetACP
GetStartupInfoA
VirtualFree
QueryPerformanceCounter
VirtualAlloc
LCMapStringW
GetDateFormatA
LeaveCriticalSection
SetStdHandle
InitializeCriticalSection
GetCommandLineA
GetLocaleInfoA
HeapAlloc
CompareStringW
GetStringTypeW
FreeEnvironmentStringsA
HeapSize
DeleteCriticalSection
GetOEMCP
CloseHandle
GetSystemInfo
GetModuleFileNameA

advapi32

RegSetValueExA
RegNotifyChangeKeyValue
RegDeleteValueA
RegOpenKeyExW
CryptSignHashA

Sections

.text
Size: 334KB - Virtual size: 334KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

84abdb94ade616adcb99292f986c95e0

Headers

File Characteristics

PDB Paths

Imports

comdlg32

gdi32

comctl32

user32

kernel32

advapi32

Sections

.text Size: 334KB - Virtual size: 334KB

.rdata Size: 29KB - Virtual size: 50KB

.data Size: 104KB - Virtual size: 104KB

.rsrc Size: 13KB - Virtual size: 12KB

.text
Size: 334KB - Virtual size: 334KB

.rdata
Size: 29KB - Virtual size: 50KB

.data
Size: 104KB - Virtual size: 104KB

.rsrc
Size: 13KB - Virtual size: 12KB